Sunday, November 4, 2018

All of us - well, almost all of us - have been conditioned to accept the so-called "End User License Agreement" (EULA) for next to everything. Sometimes we agree unknowingly just by turning a new gadget ON; my classical example for that is Windows 10 with its 12,000-word EULA.

EVERY app on our phones,
EVERY program ever installed on our computers,
EVERY so called "smart" or "connected" TV in our living rooms,
EVERY supposedly "intelligent" device that recognizes "Google Hello" or is "Alexa enabled",
EVERY ONE of the many useful things that require an Internet connection and an app on a smart phone
and many more things too numerous to list here can be used to spy on us.

Saturday, November 3, 2018

Please DO NOT manually check for Updates any more, now and in the future! Insufficiently tested or untested updates have very recently caused many home computer systems to break and/or show erratic behavior, or they have led to file loss!

Microsoft has quietly modified the technology hidden behind Windows Update. The gist of it is that when you check manually for Updates your Windows operating system will be given all available updates, including ones that may be insufficiently tested!

To avoid that, Microsoft has begun to check much more thoroughly whether every given update is fully compatible with the individual computer's hardware. They give that update to a given computer only when the previously mentioned checks and tests end positively.

But all this happens only in the course of the regular, automatic update process!

If you manually 'check for updates' your computer will get ALL available updates without these compatibility tests!

You can find an interesting article about this general problem here at HowToGeek.com. This article talks about all major operating systems including iOS and Android for cell phones. But you will find Windows 10 and Microsoft mentioned many times. Just overlook everything that does not pertain to Windows. Windows 8 and 7 are now treated the same way!

So again and to summarize:

Please DO NOT manually check for Updates any more, now and in the future!

IMHO it is, to say the least, misleading to use Microsoft's wording "telemetry" when our Windows 10 systems talk to Microsoft [MS] all the time without ever having asked our permission. They don't even tell us about the simple fact that they do that; you have to be a technology geek and read lots of very technical stuff to even become aware of what is going on.

The article lists 20 web sites that Windows 10 connects to when you start a brand new Windows 10 system. All these sites collect technical information about our computers and about us. As a simple example: Why does MS want or need to know where I am? That is information I personally would only disclose to the police if they ever wanted or needed to know that.

Here is the list from the above-mentioned article. I have added the bold typeface in Line 1.

Windows 10 connects to one or more websites in these categories:

Cortana and Search

Certificates

Device authentication

Device metadata

Diagnostic data

Font streaming

Licensing

Location

Maps

Microsoft account

Microsoft store

Network connection status indicator (NCSI)

Office

OneDrive

Settings

Skype

Windows Defender

Windows Spotlight

Windows Update

Microsoft forward link redirection service (FWLink)

On slower Internet connections all this can add significantly to the time it takes for the system to start up. I have quite often seen a sluggish or outright slow system all of a sudden work with normal reaction times after all that got turned off.

And to top it off, the program I use to turn off this talking back to MS is from a well reputed company and totally free.

Any questions or comments? Please use the Comment feature of this blog.

Tuesday, August 28, 2018

Something made me more suspicious than I usually am so I moved the cursor to the "Verify Your Account" button. And YES, that button translates to a shortened link - as you can see in the second red square.

Why would a well reputed company like PayPal ever use a shortened link?

I admit, the email looks convincing and even sort of professional.

Before I hit the Delete button in my email program, I took the above screen shot for this blog post.

Sunday, August 12, 2018

Look at this screen shot of the offending email as shown in my email program:

By the way, the following references to the blue or red squares in no way refer to BattleBots. 😉

In the blue square we have the sender's email address. I believe that NO administrator in the whole wide world would ever use an AOL email account for his official business. Some criticism of AOL can be found here.

In the first red square you see my cursor on the VERIFY NOW link and because of that you can see in the second red square the textual representation of what web page that link would actually send my browser to - if I were sufficiently inattentive to click my mouse in that situation.

The target web page is on a server in India at "managershub"! You don't see that? Learn how to read URLs.

And I don't even use what the scammer refers to as a "Web-mail system".

To top it off there are three simple spelling errors or typos in the short text of the email; unprofessional to the hilt!

Sum total: An old but time honored scam in a new dress - but not even a fancy dress.

Saturday, July 7, 2018

If you or someone in your household has any piece of equipment from Apple, like an iPhone, iPad, iPod or the like, then this is for you!

Since iPhones and so on are so common nowadays, the crooks are targeting you. Look at the email I just got in a partial screen shot of the Thunderbird screen:

I have marked the give-away items with colored rectangles as follows:

Blue: I don't have an Apple account! Ha, ha, ha.

Purple: The email does not even come from Apple!

Green: My cursor pointing to the "Verify..." button.

Red: The URL (web site address) that the "Verify..." button actually is pointing to; it has NOTHING AT ALL to do with Apple.

To be addressed as "Dear ejheinze@att.net" is so unprofessional this alone would be reason enough to click on the Delete button!

The item in the red rectangle I see only because I told my email program to show this and because the cursor is on the "Verify..." button. I believe none of this needs further clarification. Should you have any questions please feel free to ask me, preferably in an email.

A general remark:

If the program you use to read your emails does not show you any of the information in blue, purple and red then you potentially endanger your computer!

So far the main argument for Chrome was "it is faster". That was and is a phony argument that shows a deplorable lack of knowledge by the people using it. I'll give you an example.

Let's assume that from the moment you click on a link to having the new web page in front of your eyes it takes altogether 10 seconds.

90% of that time is needed to get the many little files that comprise a web page from the server these files reside on to your computer. We and/or the web browser have no way to make that faster.

The last 10% of the time is used by the web browser to "convert" the many little files into the picture we see; this process is called rendering. And that actually was where Chrome was faster.

MS Edge, the new version of Firefox and others have closed and/or eliminated that speed gap.

If Chrome were 30% faster in rendering the web page that would be only 0.3 seconds. Even in a direct A/B comparison we would not be able to experience that difference.

Additionally: The Chrome web store, from where you'd download any browser extension you might want or need, has been plagued by rogue extensions (only one example here, there are many more!). You may find way too late that the extension you downloaded and installed was rogue.

So for me it is clear:

No to Google Chrome and ANY Microsoft browser; IMHO the only well supported alternative is Firefox.

Friday, January 5, 2018

First and foremost: Please DO NOT confuse cloud storage of data with cloud computing; these are two very different animals. If you use cloud storage you and your data are NOT directly affected! And as far as I know these attacks are difficult to pull off in the first place and I don't personally know anybody who actively uses cloud computing.

My short synopsis: If you are using a regular home computer I believe you are and most likely will remain safe. These bugs MIGHT affect companies that run their software, web sites, email systems and what not on Cloud Services like Amazon Web Services, Google Cloud Computing, and/or Microsoft Azure.

Don't get overly alarmed but install updates as soon as they are available, especially updates for the Windows Operating system and your web browser.

Sunday, December 10, 2017

Have you ever looked at something on Amazon, or do you sometimes even buy something there?

If you can answer any of the above questions with Yes then you should read this article.

It shows very clearly why I always say that, no matter what companies say, we, the paying customer, are a voiceless, powerless "necessary evil". They just don't give a hoot about us.

Their talk of "how important" their customers are and how they care for us and how important it is for them "to serve the customer" is nothing but marketing hullabaloo and all too often they just plainly lie to us.

Nevertheless, I will stick with my Amazon Prime account and I will keep using Google's services.

Monday, December 4, 2017

Likely every direct or indirect Yahoo user got this or an email similar to this:

DO NOT CLICK on the RESET link! This email is a scam!

As you can see my cursor was on the RESET link in the text when I took this screenshot.

Please look at the red framed box in the left bottom corner. You can easily see that the link would take you to helpdeskhomezone.com, a web site that obviously has NOTHING AT ALL to do with Yahoo! It is your guess what might happen if you do click on it.

Just the line where these crooks address me, "Dear ejkheinze@att.net" is another simple giveaway. No even vaguely reasonable company would address a customer like that!

Monday, September 18, 2017

One time too many I have been asked by a caller why he should hire me rather than take his computer to Best Buy; here is my complete reply. I apologize for the bad style (way too many paragraphs begin with "I"!) but I am not a native English speaker.

In general

my main interest is cleaning your computer of all viruses and malware and securing it and your web browser against getting infected again in the future

I have over 25 years of experience with Windows PCs plus over 23 years of experience as a computer programmer and database manager

I do not mince words but rather say it as I see it

I can explain technically complex concepts in layman's terms

I prefer real-life usability and experience over personal opinions and commercial “tests”

I abhor industry shenanigans and trickery and warn my customers

I work on Windows PCs only and do only house calls up to 30 miles from my residence. There is no extra charge to appear at your door and I charge no mileage fees.

Saturday, August 26, 2017

The email scammers are at it again. Most likely I got this email (see below) because my email address is publicly available thanks to Yahoo having gotten hacked about 2.5 to 3 years ago. It took a lot of public pressure until Yahoo, well over two years after the fact, finally admitted to hack #1 and then to hack #2. Disclaimer: Both articles I just linked to are to be read carefully because they were, partially at least, written by journalists who are not computer technicians and/or have a sensationalist attitude. The facts of the matter are not in question though!

I have many, many customers with email addresses ending in @att.net or @sbcglobal.net. At least theoretically they all could be affected likewise.

If you think something along the lines of "... but he has an email address ending with @att.net, why is he concerned by Yahoo having been hacked ...?": Well, many years ago AT&T didn't want the hassle of running their own email servers so they subcontracted Yahoo to do the technical handling of the email accounts of all AT&T customers; that includes in Wisconsin email addresses ending with @sbcglobal.net and country wide many others. Thus all AT&T customers could be affected.

I have checked on Have I Been Pwned and yes, my email address is in both big customer files that got stolen from Yahoo. That "pwned" by the way is pronounced as "owned" and that is what it means. In geek speak it expresses that your computer - or here my email address - is 'owned' by somebody else who can do with it as they please.

Luckily my password did not get exposed but after I learned of the hack I changed it anyway, just to stay on the safe side.

Now to the current reason why I write all this. I got this email:

Sender Address: btinternet.com translates to BRITISH TELECOMMUNICATIONS PLC; NOTHING AT ALL to do with AT&T.

You see that I had my cursor on the "Click here..." link, and because of the cursor on the link you can see in the left bottom corner of the email window that the link goes to bit.ly, a well known link shortening service. Now THAT IS suspicious, for me at least.

And did you see the errors in the text? Failure should begin with a lower case 'f', the period behind AT&T Mail is wrong and clobbers the whole sentence and "Your Mail; version ..." does not make any sense at all. It is almost like I could say "Bad English, bad actor".
Summary of all the above: DELETE!

Please, DO NOT be curious, DO NOT click on the link just because you want to see what happens; just delete the email and sleep in peace.

Saturday, July 22, 2017

About one to two times every month I encounter customers who react clearly with doubt or outright disbelief when I tell them NOT TO USE Internet Explorer. IE is Microsoft's web browser with roots in the mid 1990s. That is in computer terms ancient!

Finally I found an article on maketecheasier.com that explains the "why" in easily understandable terms. You find it here. Enjoy the read and please, please pass the word to your relatives and friends.

And if you are only a little bit like me you want to turn off IE totally. You find instructions on how to do that here.

Friday, July 21, 2017

The original of this text was written by Ken Dwight, aka The Virus Doctor. I am an alumnus of his Virus Remediation Training and make this text available for my customers with his kind permission. Thanks Ken.

As with malware in general, encrypting ransomware is continually changing. Most of these changes are evolutionary and somewhat predictable. As such, they don’t call for any significant changes in the methodology to be used in dealing with them.

Some recent developments in specific families and strains of encrypting ransomware are significant enough to justify an update to the IT Support technician’s strategies and tactics for handling them effectively.

There are primarily two families of such ransomware that warrant this attention. Multiple names have been assigned to these families, but this discussion will use the names that are most frequently found in credible press coverage of these outbreaks.

The more recent attack, erroneously known as Petya, but more accurately referred to as NotPetya, first struck on June 27, 2017. There are no estimates of the total number of computers infected by this malware, or the number of countries represented. But it clearly targeted businesses and organizations in Ukraine, with some 80% of the infections found there. This ransomware also has its own Wikipedia entry, at https://en.wikipedia.org/wiki/2017_cyberattacks_on_Ukraine.

These two families of ransomware have several characteristics in common. Probably the most notable is the widespread coverage both received in the general press. While malware generally goes unreported in the non-trade press, these attacks were the exception to that rule. Fueling the press coverage was the revelation that both of these attacks were based on exploits developed by, and subsequently stolen from, the U. S. National Security Agency (NSA).

Interestingly enough, I have not seen any of these infections first-hand, nor have I received reports from any graduates of my Virus Remediation Training workshops that they have encountered computers encrypted by either of these families of ransomware. Considering the fact that hundreds of IT Support Techs fall into this category, in most of the United States + 7 foreign countries, I can only speculate that the actual infection rate is much less widespread than the press coverage would lead one to believe.

Another common denominator between these two infections was the fact that the vulnerability in Windows that was used for both of these attacks had been patched by Microsoft in their March, 2017 Windows Updates; any computer with that update applied would not have been infected by either of these pieces of malware.

Two NSA exploits were used in both of these attack scenarios; they are named EternalBlue and DoublePulsar. A free EternalBlue vulnerability scanner is available for download from http://omerez.com/eternal-blues-worldwide-statistics/. As of mid-July, 2017 more than 10 million IPs have been scanned; the majority of hosts scanned (53.82%) still have SMBv1 enabled, and 1 out of 9 hosts in a network is vulnerable to EternalBlue.

Another important difference between these two families of malware involves the type of encryption they perform on the victim’s hard drive. WannaCry, like most encrypting ransomware, encrypts each individual file. It also changes the filename to end with an extension of .wcry.

On the other hand, NotPetya encrypts the entire hard drive and replaces the Master Boot Record with its own version. While the encryption is taking place, the malware displays a screen that looks like a chkdsk operation is being performed; when the whole-disk encryption is complete, it forces a reboot.

Upon the reboot, the modified MBR causes the ransom note to be displayed, with instructions to pay $300 USD in Bitcoin; after 72 hours, the ransom increases to $600 USD. Because of the modified MBR, at this point it is not possible to boot into a normal Windows environment.

As of this writing there is no means to pay the ransom; even if the ransom is paid, there appears to be no way to decrypt the hard drive or restore it to normal operation. Consequently, there is no reason to even consider paying the ransom.

Back to WannaCry, there have been some reports of successful decryption after paying the ransom. But here again, I have no first-hand (or even second-hand) reports from victims of this family of ransomware.

Those are the most recent, high-profile developments in the field of encrypting ransomware. But it’s a pretty safe bet they won’t be the last. This category of malware continues to evolve and become more sophisticated and more insidious. It has crossed the threshold of being a billion-dollar industry; that success will attract more and more criminals who are lured by the promise of easy money. Our prospects for future employment remain secure!

That was it.

All my customers are advised to weekly initiate a check for Windows Updates. If they followed that advice their computers were protected and they don't need to care about these two overly "hyped up" virus outbreaks.

An antivirus service used by tens of thousands of businesses and millions of home users shut down an untold number of computers around the world Monday after it mistakenly identified core parts of Microsoft Windows as threats, the company confirmed.

Similar events have occurred in the past; sadly they are much more common than we would like and the public hardly knows about it. Some well known companies in the "computer security" or "anti virus" business have had similar snafus. Here is a quote from a blog post at Bleepingcomputer.com:

... Such mishaps have been reported for years to include major anti-virus/security vendors such as Panda, avast, AVG, BitDefender, Kaspersky, Malwarebytes, McAfee and Symantec. In most cases when these issues occur, the anti-virus vendors and security tool developers take quick action to correct the problem and provide support to those users who have been affected.

To call such blunders a "mishap" is not a euphemism; IMHO it is outright glossing over or covering up a major blunder.

Things like this should not happen and they don't need to happen; they are major avoidable blunders. In every case we can only speculate about the "why" and I don't like to speculate.

What does all the above tell us? IMHO very simple:

Do not trust a single word in high gloss, pretty brochures. Do not believe the words in computer related advertisements on TV.

What you find in high gloss publications is mostly marketing hype and likely not really trustworthy. And when certain "security" software seemingly out-of-the-blue suddenly is being hyped over the moon in TV advertisements it IMHO is time to run for the hills. It tells me that very likely a marketing campaign has to cover up some so called "mishap".

-----

So far I have used the acronym IMHO three times in this blog post. Generally there are always at least two ways to look at something, as we say around computers YMMV. If you have a different opinion - or maybe simply think I am a dumba.s then I ask you to please leave a comment, state your case or blow off steam below.

Wednesday, April 26, 2017

Thanks for checking the blog. There is nothing new -- and that means no bad news and that is good news, right? It still is the "old" story; ransomware is at the top of the list of nasty programs.

The only way to avoid that junk fairly reliably - but not guaranteed - is NEVER to click on any attachment to any email!

Save the attachment to your desktop, upload the attachment to VirusTotal.com and have it checked there.

Even only one negative result is enough for me to tell the sender to check his attachments himself and stop sending out potentially infected junk files.

And DO NOT click on links in emails! Check if the link goes to the correct web site! Rest your cursor on the link and look at the left bottom corner of the browser window; there you should see the text of the target URL ( = Internet address) that your browser will take you to if you click on that link. Learn to correctly read these URLs!
Stay safe!
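
The hover check described above, written out as a script: it lists where each link in an HTML mail really goes and whether the sender's domain matches the company the mail claims to come from. This is an added example, not something from the blog; the sample mails are constructed, and the helper names (site_of, check_mail) and the list of shortening services are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a short sample of link-shortening hosts; extend for real use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}


def site_of(host):
    """Read the host name from the right: the site is its last two labels.
    Simplification that fits .com/.net; real code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_mail(raw, expected_site):
    """Return findings for one single-part HTML message (all this sketch handles)."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    sender_site = site_of(sender.rpartition("@")[2])
    if sender_site != expected_site:
        findings.append(f"sender domain {sender_site} is not {expected_site}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:  # mailto: links, page anchors
            continue
        if site_of(host) in SHORTENERS:
            findings.append(f"'{text}' hides its real target behind {host}")
        elif site_of(host) != expected_site:
            findings.append(f"'{text}' goes to {host}, not {expected_site}")
    return findings


# Constructed samples modelled on the mails described in the posts; only the
# domains helpdeskhomezone.com, btinternet.com and bit.ly come from the blog.
YAHOO_STYLE = """\
From: "Yahoo Mail" <notice@mail-team.example>
Subject: Password reset
Content-Type: text/html

<p>Dear user, click <a href="http://helpdeskhomezone.com/constructed">RESET</a>
or read <a href="https://help.yahoo.com/">Yahoo Help</a>.</p>
"""

ATT_STYLE = """\
From: "AT&T Mail" <constructed-sender@btinternet.com>
Subject: Mail version update
Content-Type: text/html

<p><a href="http://bit.ly/constructed-placeholder">Click here</a> to upgrade.</p>
"""

if __name__ == "__main__":
    for name, raw, site in (("Yahoo-style", YAHOO_STYLE, "yahoo.com"),
                            ("AT&T-style", ATT_STYLE, "att.net")):
        print(name)
        for finding in check_mail(raw, site):
            print("  -", finding)
```

The link to help.yahoo.com in the first sample produces no finding, because read from the right its site is yahoo.com.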

Wednesday, January 25, 2017

WOT vanished from many of my customers' Firefox web browsers. I got some questions about that so here is my diatribe.

Mozilla, the maker of the Firefox web browser, is a European organization and over there they have a MUCH more narrow view of privacy issues. That is a double-edged sword.

WOT a few months ago modified their end user license agreement to conform more closely to what the add-on actually can do. No surprise to me that they collect some information on the things you search for and what you then click on. Google has done that for years and nobody gives a hoot.

WOT finally made it public and Google and Mozilla went ballistic, pulling the WOT extension (add-on) from their web sites. I am pretty livid but they don't listen to you or me.

WOT in the meantime has changed the wording of their end user license agreement and you again can get and run WOT in Google Chrome.

The Europeans don't seem to see the value of WOT for the normal non-geek end user and remain stubbornly on their negative stance towards WOT.

And Mozilla even tricks people into disabling or removing WOT - despite the fact that there is no even remotely similar functionality available anywhere else.

It is a shame but I have to tell my customers that they have to use Google Chrome for their web searches if they want the advantages of WOT, naturally with WOT and a good Ad-Blocker installed. These get installed from within the web browser, they are extensions.

Currently IMHO only Adblock Plus from adblockplus.org and uBlock Origin qualify as "good" ad-blockers.

Supposedly WOT and Mozilla are working on a resolution but that has already taken many months.

If you have an affected computer and on the desktop is a folder named "Old Firefox Data" I may be able to resurrect WOT; but that definitely would be a trial and error thing that I cannot guarantee. But at least I can do it remotely.

Monday, January 9, 2017

Here is a short list of what are, in my experience, the most important steps you can take to keep your computer and your data safe. I have added a few remarks for clarification.

Update your software.
Not only Windows but all other regularly used programs as well; for a Windows PC this includes (but is not limited to)
- Adobe Flash (beware of fake download sites!)
- Adobe Shockwave
- Web browser(s)
- Email client
- Java (if installed; mostly Java is not needed at all!)
- Office programs
We always have to keep in mind that some programs still don't update automatically and quietly in the background! Checking manually hardly ever has hurt anything.

Back-up to an external hard drive.
Done regularly and correctly this currently is the only protection against ransomware viruses!

Use a password manager.
For single machines see Keepass, for more than one machine see LastPass and include all cell phones and tablets in the count!

Use a unique password for every account.
Everybody has many, many accounts; you need a password manager!

Use random passwords.
Easily done only with a password manager!

Turn on two-step verification everywhere you can.
If you have a cell phone that you really use, otherwise this is pretty useless.

Read and think(!) before you click.
"My" first commandment for safe computing.

Enable full-disk encryption.
On a single home computer? Only protects your data when the machine gets stolen.

Put a six-digit PIN on your phone and set the phone to wipe its contents if the PIN is guessed wrongly too many times.

Do you have questions about any of that? Please feel free to ask them in the comments, I will reply. Maybe not immediately but I will.

and everybody else who might happen to read this!

Wednesday, December 28, 2016

As long as the "old" computer is basically still working, transferring all your user files (documents, pictures, music and videos) is no issue at all as long as they are stored in Windows' standard locations.

After the new computer is up and running I take the disk drive physically out of the old machine, attach it externally to the new machine and copy the files directly across to the new computer.

This way there is only one copy process which saves time compared to copying via an external drive which requires copying the same data twice.

After copying the files to the new machine I will urge you to safely keep the disk drive from the old computer for at least a year as an insurance against data loss.

Imagine you need a certain file after several months, you know the name of the file but it just is not where you thought it should be. It is on the old disk drive because that is the only place files could have gotten stored on the old machine; so that is where we have to search for it.

Sunday, December 18, 2016

Just read this article by Rob Schifren. He is the driving force and creator of TechSupportAlert.com, a very long running and very reliable source of information about free software and many more things about and around computers; computers used here in the widest sense of the word, that is including Apple Mac, Android devices and much more.

From the many contacts with my customers I have an idea about how many people re-use the same password on several (or all) web sites.

PLEASE heed the warning and AT LEAST establish a new STRONG password for your Yahoo account.

IMHO it would be better if you switched to a different service altogether. If you have and use a Yahoo email account I recommend switching to Gmail.

Gmail can automatically import emails from Yahoo if you want to give your email contacts time to adapt to your new email address.

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Thursday, November 24, 2016

Microsoft WILL NOT CALL you because your computer "has been reported" or anything similar.

Please take the few minutes to read this article from the How-To-Geek on common scamming tricks and what to do about them. This article talks about some other commonly encountered scams as well, not only the Microsoft or Tech Support based scams.

It always is good to be well informed. The time to read the HTG article is time well spent; it can help you to avoid the most common traps.

Monday, November 21, 2016

Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

"Reported vulnerabilities" are in layman's terms known weaknesses in the program code of the web browser that have been or could eventually be used to hack through a given web browser into computers.

Why would a person willingly want to live with more risk rather than less?

This seems to me to be a good time to talk about the most common argument for Google Chrome, at least as far as I hear from my customers. The argument is "Yeah, but Chrome is faster". Mostly I get that from younger people or grandparents who quote family members or friends thereof.

That argument is "true" only to a laughably small effect that IMHO is totally irrelevant.

Every web page is made up of often numerous files; these files have to be transferred from the server computer of that web page into our computer. The time this transfer takes is solely dictated by the real life speed and performance of our Internet connection. Our computer and the web browser have next to no influence on that transfer.

Only after all the files that comprise the web page are on our computer can the web browser begin to build the visible web page on the screen. Yes, in doing this Google Chrome is faster than other browsers but this is maybe 10% of the total time it takes from us clicking on a link to the web page appearing on our screen.

Let me do the math for an extremely slow example: Assume it takes 10 seconds from click to visible page (which is quite long!). 90% of this time is waiting for the transfer of the file(s), that is 9 out of 10 seconds; only 10% (equals 1 second) is what the browser takes to actually do its job of giving us something to look at. Even if Google Chrome were 20% faster than another browser that would amount to being 0.2 seconds faster overall. That difference is well below what humans can perceive!

My point is: "Faster" is by no means "better"!

As usual I welcome comments and suggestions right here in the blog. Thank you in advance.

Tuesday, October 4, 2016

The newest telephone scam I heard of is the Microsoft Licensing Scam. You may get a phone call or a voice mail saying something like this (phone numbers deliberately obscured):

“This is to notify you that your Microsoft Windows license key has been expired in your computer so Microsoft Corporation has stopped the services in your computer. To renew the Windows license key, please call 866 XXX XXXX. Let me repeat. This is to notify you that your Microsoft Windows license key has been expired in your computer so Microsoft Corporation has stopped the services in your computer. To renew the Windows license key, please call 866 XXX XXXX. I will repeat 866 XXX XXXX.”

The message obviously was from a computer generated, sort of "mechanical" voice and the stilted English suggests a non-native English speaker behind the whole thing.

Any messages about licensing issues truly from Microsoft would pop up on your computer's screen only during installation or activation. And we all know, if only from experience, that a Microsoft license for the Operating System comes with the computer when you buy it and it is good for the lifetime of the machine.

In Windows, services are programs running in the background; they are required for even basic functions of the computer. A computer would not work at all without the required services running in the background.

In the case I read about the recipient happened to be a very, very experienced Windows user; the gentleman called back the 866 number from the message; he said about that call:

"Because the number was toll free, I called it just to see what would
happen. An answering machine invited me to leave a message and my number
for a callback — I declined."

Please remember: Any and all phone calls claiming to come from Microsoft or any company associated with Microsoft are scams. Don't even talk to these people! Do not give them your phone number or ANY OTHER information.

Wednesday, September 28, 2016

Today I met with a customer whom I had recently pointed to my blog posts about ransomware. He sort of pooh-poohed my words and pointed me to his safe habits.

With his permission I looked in his (very big) Inbox with about 1,000 emails. I looked only for mails with attachments and found quite a few.

I randomly grabbed one of the attachments, a ZIP file by the way, and saved that file to the computer.

Then I went to Virustotal.com, uploaded the file and had it tested. The results speak for themselves, here they are:

Clearly this file contains a downloader and a variant of the encrypting ransomware Locky. And who knows what the downloader would do to the machine if it ever gets to run.

Currently DO NOT directly open ANY attachment from an email, no matter how "well" you think you know the sender or whatever excuses your brain comes up with.

Always save the attachment to a place on your computer you can easily access like the desktop.

Then in your web browser go to virustotal.com, browse to the file (in this example on the desktop) and upload it. If virustotal.com comes up with anything, delete the file AND the email it came from!

Better safe than sorry!
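A way to take a first look at a saved ZIP attachment before uploading it, added here as an example and not part of the original post: it computes the file's SHA-256 (which can be pasted into the search box on virustotal.com), lists what is inside without extracting anything, and flags members that would run code if double-clicked. The extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import os
import sys
import zipfile

# Assumed, non-exhaustive list of file types that run code when double-clicked on Windows.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                    ".vbs", ".wsf", ".hta", ".lnk", ".docm", ".xlsm"}

def triage_zip(data: bytes) -> dict:
    """Look inside a saved ZIP attachment without extracting or running anything."""
    report = {"sha256": hashlib.sha256(data).hexdigest(),
              "members": [], "risky": [], "encrypted": False, "error": None}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        report["error"] = "not a valid ZIP file"
        return report
    with archive:
        for info in archive.infolist():
            report["members"].append(info.filename)
            # Bit 0 of the ZIP flags marks a password-protected member,
            # which online scanners cannot look into.
            if info.flag_bits & 0x1:
                report["encrypted"] = True
            # Only the last extension counts: "invoice.pdf.js" is a script.
            extension = os.path.splitext(info.filename.lower())[1]
            if extension in RISKY_EXTENSIONS:
                report["risky"].append(info.filename)
    return report

def build_sample_zip() -> bytes:
    """Constructed, harmless sample: text files with attachment-style names."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("readme.txt", "harmless sample text")
        archive.writestr("invoice_2016.pdf.js", "// harmless sample, not a real script")
    return buffer.getvalue()

if __name__ == "__main__":
    # Pass the path of the saved attachment; without one the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            content = handle.read()
    else:
        content = build_sample_zip()
    for key, value in triage_zip(content).items():
        print(f"{key}: {value}")
```

An empty "risky" list only tells you what the archive claims to contain; the VirusTotal check described above still applies.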

And before you ask, some of my previous articles about ransomware are here, here, here, here and here.

Tuesday, September 27, 2016

Again I ran into a customer who almost insisted on keeping "his" Norton Internet Security package against my recommendation. I decided to write yet another diatribe against NIS and the reasons behind my stance.

This morning I got the current edition of a computer related newsletter that covers this very issue more concisely and better than I ever could. The text about NIS is buried in the article under the sub-heading "Why doesn’t Fred ever mention Norton/Symantec?". I want to save you the trouble of having to read (or skim) through the quite technical and lengthy discussion of file name length limitations that is the first part of the article; later in my article (what you are reading) I will quote the complete part about NIS as Fred Langa wrote it.

Who is Fred Langa? Here is the "About Fred Langa" copied directly from Windows Secrets:

In short and simple words: Fred Langa is a veteran in the field of PCs and IMHO one of the most trustworthy authors about PCs out there!

Now to the above-mentioned quote about Norton Internet Security products. The only alteration: I shortened the name of the original questioner for obvious privacy reasons to just the initials.

Why doesn’t Fred ever mention Norton/Symantec?

P F wonders about a long-standing omission in this column.

“Is there a reason we never hear about Symantec/Norton Internet Security from Fred Langa?”

Yes, there’s a reason, Paul. The omission is quite deliberate.

I absolutely loved Norton software way back when Peter Norton was running the company. But after Symantec bought him out in the 1990’s (keeping the “Norton” name, but little else) Symantec/Norton products gained a reputation as bloated and slow; and periodically they contained extremely serious flaws.

Symantec has addressed some of the bloat problems in recent years, but shockingly severe problems still crop up.

For example, as recently as this past summer, researchers found truly frightening, flagrant flaws in all Symantec/Norton antivirus software. Some security researchers said those flaws were “as bad as it gets.”

I agree with that assessment: Due to these flaws, even an unopened email or an unclicked link could compromise your PC at its deepest level!

For more specifics, see the U.S. Government warning, “Symantec and Norton security products contain critical vulnerabilities,” the Fortune Magazine article, “Google found disastrous Symantec and Norton vulnerabilities,” and the Ghacks.net article, “Google shames Symantec for security issues.” A web search will turn up lots of other coverage, too.

Those egregious vulnerabilities were patched, but they never should
have happened in the first place — especially in a nominal “security”
product.

And note: That’s just one recent problem. There have been numerous
other problems extending back for years. For example, I just did a
general web search on ‘norton security’ problems, and found over 13 million hits!

The above are objective facts you can check for yourself. But what follows is my personal opinion:

I think running Symantec products is worse than running no security software at all. With no security software, at least you know you’re not protected. But millions of Symantec/Norton customers think
the software is keeping them safe, when there’s strong evidence that it
might actually be creating new vulnerabilities and system problems that
wouldn’t otherwise exist. To me, that’s unconscionable in security
software.

I haven’t had any Symantec products on my PCs since the early 1990s,
and I don’t see that changing any time soon. I’ve seen too many problems
with Symantec/Norton’s software.

Your experience might be different, and you’re certainly free to use what you like.

But now you know why you don’t see any coverage of Symantec products from me.

Personally I fully and wholeheartedly agree with Fred Langa!

Saturday, July 23, 2016

I got an email from a customer and believe my reply might be of interest to many people. The customer quoted an article from another blog(?) that recommended searching directly from the URL field. Here is my reply verbatim as I sent it:

The crux with all these "easy" tips is that they all play right into the industry's game.

The more searches any given search engine gets to perform the more money they can ask for their aggregated info on what we search for. The search engine companies may not directly advertise to us but the companies that buy this aggregated search information can then advertise better and more directly to us.

It's a fact that Bing and Yahoo (they use Bing) do NOT show us what in the search results are paid advertisements.

It's a fact that way too many advertisements get abused to get malicious programs on our computers.

It's a fact that some web browsers (like IE and Edge, both from Microsoft!) make it very difficult or don't allow us at all to suppress advertisements.

It's a fact that Google does not allow us to suppress certain advertisements in Google's own Chrome browser.

All the before said and more is behind my STRONG recommendation to use only Firefox as I set it up for my customers.

And I urge my customers to search ONLY out of the little browser specific Search window:

because when you search from there you get a Google search result

MINUS any advertisement(s),
PLUS the red, yellow and green Web of Trust ratings right by every search result.
AND your search with Google has happened anonymously!

Update Jan. 10th 2017: Sadly around November 5th 2016 Mozilla, the organization that supplies Firefox, and Google have removed that piece of code from their download pages; some details are here. If you remove the WOT extension or add-on from your Firefox browser it currently can not be re-installed! Google recently made the WOT extension available again.

If that is not reason enough for any of my customers it's their decision and their money if I have to clean up their machine again.

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'.

Victims would not even need to open the malicious files to be compromised.

Some of those [affected] platforms cannot be upgraded.

Towards the end of the article The Register seems to quote six actions users should take to secure their systems. Four of those six are impossible to even think of for normal home users; they require corporate installations and corporate management structures that just are non-existent in home installations.

The other two require a level of know-how and technical expertise that is equally non-existent in the average home user environment.

The only consistent response for home users is what I have preached to my customers for years:

Ditch any and all Norton products.

If you have allowed Norton to charge your credit card automatically, you have to revoke that permission. You can get their phone number(s) through this web page.
Normally uninstalling them from Programs and Features in the Control Panel is not enough. I recommend additionally running the Norton Removal Tool downloaded from this page; click on either of the links "Download@MajorGeeks".

About Me

52 years in Information Technology and 34 years of experience with PCs as of 2016. Specialized in non-destructive virus and malware removal, home computer protection and showing my customers how to keep their computers "mean and clean". From 2004 to 2015 I was the regular computer guru on a local radio call-in talk show. From April 2015 through April 2016 I was bi-weekly on WBKV 1470AM. I offer only house calls and work exclusively on MS-Windows. I do NOT sell hardware or software, I sell only my know-how, my experience and my time.